DDoS: Coordinated Attacks Analysis This article will cover some concepts about a well-known attack named DDoS (Distributed Denial-of-Service) with some lab demonstrations as a “Proof of Concept” with countermeasures. In this paper we will focus on two types of attacks, which are "SYN flood" and "Slow HTTP DDoS Attack".t
I
t is likely that you already know this attack named Distributed Denial-of-Service (DDoS) which is an extension of the classic well-known DoS (Denial of Service) that arise when the target server is overloaded with TCP or UDP requests to particular service (usually running on the port 80, web service, but this depends on the intentions of the attacker, any service could be vulnerable) leaving respond to genuine requests. The concept of "Distributed" is concerning that these requests are made from hundreds, thousands of infected machines (commonly called "zombies") which are governed by "botnets" (http://
Figure 1. Client establish a healthy connection with the server EXTRA 05/2012(9)
en.wikipedia.org/wiki/Botnet) in a coordinated manner at the same time, which is a sum of bandwidth, memory and processing consumption on the target that, generally, any server could not handle ending in a collapse of service targeted due to the failure to answer each request. The key to success in DDoS attacks is the number of "zombies" available on each Botnet. We can say that the greater the number of machines attackers, the worse the attack is. As an example, let’s do the following quick estimate: 3000 hosts * 128 KiB/s (common home-users upstream) = 384000 KiB/s = 375 MiB/s
Figure 2. Crafted packages are sent to the server Page 32
http://pentestmag.com